2.1.2 HTTP Transport
This section specifies the protocol to use HTTP transport as specified in [RFC1945] and [RFC2616] to transmit method invocation and return information. At a high level, the message request of a Remote Method invocation MUST be sent as part of an HTTP request and the reply from the server MUST be sent as part of the HTTP response. In the case of a one-way method, the HTTP response body MUST be empty, as specified in Sending Reply (section 2.1.2.2.2).
Port 80 is the standard port assignment for HTTP and port 443 is the standard port assignment for HTTPS. However, an implementation MUST support other ports if specified by a higher-level protocol in an implementation-defined way.
If instructed by a higher-level protocol in an implementation-specific way, implementations of this protocol MUST require that the HTTP implementation on the server use Basic or Digest Access Authentication for HTTP to authenticate the HTTP client, as specified in [RFC2617] or NTLM authentication [MS-NLMP] for HTTP.
The higher-level protocol MUST provide in an implementation-specific way either credentials in the form of user name/password or a client-side certificate. Implementations of this protocol MUST NOT process the credentials or authentication information. Such processing typically happens entirely inside implementations of lower protocol layers.